CVE-2011-2652

Name of the Vulnerable Software and Affected Versions Kiwi versions prior to 3.74.2 SUSE Studio versions prior to 1.1.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list used in an overlay file.

Recommendations For Kiwi versions prior to 3.74.2, update to version 3.74.2 or later. For SUSE Studio versions prior to 1.1.4, update to version 1.1.4 or later.